7ff1c48abe699a541e0001984fc724c57a04bc6d9d54212e212c5a0355b10078

Analysis

max time kernel
118s
max time network
128s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/10/2024, 03:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2a68b4cf782113049bc55bf30f07811d_JaffaCakes118.html
Size

20KB
MD5

2a68b4cf782113049bc55bf30f07811d
SHA1

a0c2f6c6164dc87edd3d914cf65a3fb02d6f3801
SHA256

7ff1c48abe699a541e0001984fc724c57a04bc6d9d54212e212c5a0355b10078
SHA512

a87e227f6a987b7584e2b35b9f19f619f2e4bd2cbafde4072cd9e3c3236153b7338860412a4ef9baa2f156f37b82715277502b4b7f2fdf9c971b7e01c909149b
SSDEEP

384:+u6eKko0lAtsdgLyKvBBJsITHLxHh7ANRu9SVlyQ1QgKVmQurKkQV0M8AqMvB7ms:DlMLVOYxHh7AN09SVlyQRKVmnrKkQVz3

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434640478"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F330A041-863D-11EF-8BB8-FA59FB4FA467} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2524	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2524	iexplore.exe
2524	iexplore.exe
1180	IEXPLORE.EXE
1180	IEXPLORE.EXE
1180	IEXPLORE.EXE
1180	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2524 wrote to memory of 1180	2524	iexplore.exe	30
PID 2524 wrote to memory of 1180	2524	iexplore.exe	30
PID 2524 wrote to memory of 1180	2524	iexplore.exe	30
PID 2524 wrote to memory of 1180	2524	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2a68b4cf782113049bc55bf30f07811d_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2524
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2524 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
30be39157d5f2c9d0caf1de8829c7dc4

SHA1
62709d6f4eddf0417d9300a27358be083f117bfb

SHA256
67d7d93adc41096aa5154b13214604d889da52417da8c4f85c8d4053cd3e7677

SHA512
9c1f1268f7643ed81d3769911bd732785844a1c51fc8bea22a2b0a957b97cdd71f65d420fd1f7ee10a25f2229a73396c0f6373a95e0def7d18dcf9a9f944b7ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2fe9f9efc3adcc25ecb97ba2aeac5d42

SHA1
c0e2b6e9f551344d43a7aaf4dd38810ff22e5d6b

SHA256
b41c16139c7a5dd915777b16130df2aa5a90e0977393465128704991b6f97c2f

SHA512
554f4139bebbf187305b68ee2fa89d139690e5fa59bd0c5587a5f1514b68cf042a3c20a234a2defd34b6ff39a69233a16bd0c5429c7e5b45a45d2c754bca574c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
93826f19fc679dda481c335fff08d0e8

SHA1
2e8fe5a3bfec710292a64dc1486f3913e0e14945

SHA256
8f90ed18ad570c4dc9c4b4213af3fb9b317bb2e97339c3fff90fe569e7a77fc0

SHA512
aa6272570c521e1d9d64ab4415faf718c92fff11d9e605698d7ee125d8f02284eadb23edc57dd97f8e8c039620c3570e1f62691d1caeeefeee55ee6e4b7cd097

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2f17834d9d73f185c0cd3aacf2fa545f

SHA1
2eefe7003e17ed312f88c3c56e2363f858878dae

SHA256
68f5219ba17f2205d51ff4424c1bd83ae1dc72c22d0ad3fc615b0a6df49c059c

SHA512
a29160b4c19b166fb7ec9f50c0fc849567cf937a4742bab178727a5cd329cd4df149146fd7a9ca073161228799daed7df33455c478e7528de1343786a1f5a2ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
75064c413701f5a67b2daf21369d57a4

SHA1
260eec187a465ea732e6a02767ccb4bb4c0de49c

SHA256
9f52d9684d7004f5e5f942d52427aa3e86a0c8781c60366aa4efd3245b3a1569

SHA512
cc963ebea3e048d5c0befba1fecd3ef15426bd4b4649032aebc4105b744f41dea34feccb567e7919b92192d3a7d1a3b0b49936d22c64a8daa251f115c83e46ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6ef34c4e329f0acdb8ba041137295964

SHA1
6b71bbf12f256946ec5648ecb730bca033130474

SHA256
321a3f956eaede23ea202e034cd090137295f7989bf1a2bbc8fd6a987919acc6

SHA512
13186edb7fc2b26e010b719b10074e6eb9af5997f89d70d7c8e010bd0c5120677fffdb6e39c0f8fbd8ed066f87c5ef2d00debbe030ad49bbb3bf8ab83848e953

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aa1f9d9b779670e24152ef0b59003798

SHA1
464959c0020d5e5b6b6b8f457ca786b11851dcee

SHA256
53700af285720e88831f069bc0af2932cb93b4db60be8e11877d7ebdfaacdcbf

SHA512
1bf18f93fa8068c7570b4ec96bed0b62ceda573fbd09047240e0399aa37402e7731b08fbd8c60b066c9a41e95b9d5b5925d4964b84dc236832f8bd0957166c24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
138cd0cc090ff271918c1154f7b2f113

SHA1
3cfcc8cd343bbf6ea58f12aa516a666342bb243c

SHA256
e1dc1cc03d91e9bb9593344457e857248901971621e21c9881d953a4711cc94a

SHA512
55472b738b01001854874a59d590e4fcc87828b042e8fca61021b9e5dff334e9a6835aa98d7642587b54726b58fd3832765d51d17ce896951cbe1869119aa8d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
92c5daa765b2db7a3ef8e756d9e582ed

SHA1
5853d0f70120bc274a3e415135997fc65fba0b9d

SHA256
44d7e7ef028aad0c517b324aea22cb3ffb1a9afcabae76913b887afcf7fdba8c

SHA512
6e695de531bb505e5080a3054dabeae4da58f54d39abd377f08ab19ada500fd4a4fc345ab3991024c7c526d68a5dbad610cd9751bd5ac9e13599365820b996d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
399ac5ed5d4bad6dbd4de4acb95de5c5

SHA1
7717cd85a3e5d014a368d5e1d6e4379478bb4ff3

SHA256
820898740c92cb712e0433bdab097db5f2135d51d16fd2f69399f61775954cc8

SHA512
8c57b3024c0d0648a992c4cce80adae35ad877c3d80f382a8a6cd4a95f506245892d740d41b812aa1beb69e3fc3457b9ce7dc3f0e5423fc46e832fcb0e1a0655

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
9bfadbea85aecc118fd3be0e26c6374c

SHA1
89d71279c6903311683c80fcd98cf8f033c48030

SHA256
dd51507f71156addb62053a705ac49d97e15d807fbce36e5e12a35e787f74db0

SHA512
8d35997acc21a20d847bdf046da66d4c0a385cea148d0bc8d3d89e8dfdd807f59135273b919fcc109b25b64e47dae5f1b088b90fa012e1b22d10f61dca632412

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8862.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8874.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit